904250 – (CVE-2023-29479, CVE-2023-29480) <dev-util/librnp-0.16.3: Multiple vulnerabilities

Bug 904250 (CVE-2023-29479, CVE-2023-29480) - <dev-util/librnp-0.16.3: Multiple vulnerabilities

Summary: <dev-util/librnp-0.16.3: Multiple vulnerabilities

Status:	IN_PROGRESS

Alias:	CVE-2023-29479, CVE-2023-29480

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:
Blocks:

Reported:	2023-04-13 04:11 UTC by Sam James
Modified:	2023-04-30 23:29 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-04-13 04:11:25 UTC

From 0.16.3 release notes:
    Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
    Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).

Comment 1 Larry the Git Cow gentoo-dev

2023-04-13 05:55:17 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ee9c4190e2ce8af9ee0d8545a198f16d8954b05

commit 1ee9c4190e2ce8af9ee0d8545a198f16d8954b05
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-13 05:40:17 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-13 05:55:14 +0000

    dev-util/librnp: add 0.16.3
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/Manifest             |  1 +
 dev-util/librnp/librnp-0.16.3.ebuild | 73 ++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2023-04-13 13:36:22 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87026f7144840af2e6b1efb370a170dec6afa4f6

commit 87026f7144840af2e6b1efb370a170dec6afa4f6
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-13 11:22:40 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-13 13:36:17 +0000

    dev-util/librnp: stabilize 0.16.3 for x86
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/librnp-0.16.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a102a388524f59bac0ea069b5b2645abe2180f9b

commit a102a388524f59bac0ea069b5b2645abe2180f9b
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-13 11:22:28 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-13 13:36:17 +0000

    dev-util/librnp: stabilize 0.16.3 for amd64
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/librnp-0.16.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Larry the Git Cow gentoo-dev

2023-04-15 06:19:00 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f624875e395e3852bd41dc29e9d141a113ba3472

commit f624875e395e3852bd41dc29e9d141a113ba3472
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-04-15 06:16:53 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-04-15 06:18:56 +0000

    dev-util/librnp: drop 0.16.2
    
    Bug: https://bugs.gentoo.org/904250
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/librnp/Manifest             |  1 -
 dev-util/librnp/librnp-0.16.2.ebuild | 73 ------------------------------------
 2 files changed, 74 deletions(-)

Comment 4 John Helmert III archtester

2023-04-30 23:29:48 UTC

Thanks!